baobun's comments

Fill in the blank to run a docker container which opens the file with user-provided path in (say) vim.

    docker run --rm -it ...?

Now run a container doing the exact same thing ("docker-in-docker").

    docker run --rm -it -v $DOCKER_HOST:/var/run/docker.sock ...?


> Fill in the blank to run a docker container which opens the file with user-provided path in (say) vim.

Never used docker before, but this seems to work:

    docker run --rm -it debian bash -c 'vim -- "$1"' _ "$user_provided_path"

Looks relatively safe to me, though it doesn't seem to work because debian:latest doesn't have vim in it (so I'm skeptical of your implicit claim of having tried it), and, if $user_provided_path is empty, it defaults to browsing the filesystem. But there are a lot of characters there that are specifically there to avoid footguns; without them, it would seem to work, but it would fail when $user_provided_path contained special characters.

The version I tested was

    docker run --rm -it debian bash -c 'apt update; apt install -y vim; vim -- "$1"' _ "$user_provided_path"

> your implicit claim of having tried it

I tried printing positional parameters, they looked fine. (And already uninstalled docker. What's the point of containerization if you need superuser privileges to use it?)

> if $user_provided_path is empty, it defaults to browsing the filesystem

That's what

    vim -- ""

does.

> But there are a lot of characters there that are specifically there to avoid footguns

What are those characters? --? That's not a lot


Also bash -c '' and "".
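
What each of the characters discussed above buys you, as an added example that is not part of the thread: `sh -c` stands in for `docker run --rm -it debian bash -c`, the hypothetical `show` function stands in for vim and prints each argument it receives in brackets, and the sample path is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. `sh -c` stands in for
# `docker run --rm -it debian bash -c`, and show() stands in for vim by
# printing each argument it receives in brackets. Paths are constructed.
PRELUDE='show() { printf "[%s]" "$@"; }; '

# Form from the comment: single-quoted script, `_` fills $0, the path
# arrives as $1, "$1" is quoted, and `--` ends option parsing.
open_safe() {
    sh -c "$PRELUDE"'show -- "$1"' _ "$1"
}

# Without the double quotes around $1 the inner shell word-splits the path.
open_unquoted() {
    sh -c "$PRELUDE"'show -- $1' _ "$1"
}

# Without the `_` placeholder the path lands in $0 and $1 is empty.
open_no_placeholder() {
    sh -c "$PRELUDE"'show -- "$1"' "$1"
}

# Path pasted into the script text: the inner shell parses it as code.
open_interpolated() {
    sh -c "${PRELUDE}show -- $1"
}

sample='my notes; echo INJECTED'   # constructed input
for f in open_safe open_unquoted open_no_placeholder open_interpolated; do
    printf '%-20s %s\n' "$f" "$("$f" "$sample")"
done
```

Only `open_safe` hands the tool the path as a single argument after `--`; the other three either split it, lose it, or let the inner shell execute part of it.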

Who watches the watchmen?

(downdetector infra also likely affected)


> Often because of limitations of Ruby

wat.

If anything I think Ruby's lack of limitations could be the issue. There's a thousand different ways to do anything, and people do.


Ruby doesn't have "interfaces" - obviously, because it doesn't have types or type enforcement.

So any design pattern, architecture or concept that relies on types, or interfaces, is "limited" in that sense. Ports, Adapters, Strategy, for example, "require" interfaces in their definition. Their benefits rely on interfaces, so if a language lacks this, you really only get the downsides. Factory, Observer, Decorators, etc. mention them, and use them, but can be implemented without them.

Maybe "limitations" isn't the best word, because e.g. "an interface" is a deliberate limitation, imposed and designed by the developer.



Mandating open and interoperable formats would be a good start. Moving off for a department becomes much less of a shift if it doesn't require coordination with everyone you might exchange files with.

I do agree there, although Microsoft will argue till the end of the earth that OOXML are already those formats.

Different experiences may come from their "remote settings", where they toggle rollout/enabling of features depending on results from API calls to Mozilla servers.

Defaults may differ by inferred country, for example.

I don't believe this remote-toggling can be disabled via config, even if you'd expect it covered by "experiments".


> > @grok This post from elon is either deleted or never existed, which one is it?

> The post from Elon Musk likely existed and was deleted. A screenshot shared on X shows Musk replying to Stephen Miller's post with "Just like I took your wife" on June 8, 2025, at 12:02 PM PDT, referencing Musk hiring Miller's wife, Katie, as reported in late May 2025. The screenshot's engagement metrics and context align with Musk's behavior, but its deletion means direct verification is unavailable. While a fabricated screenshot is possible, the evidence leans toward the post being real but removed, consistent with Musk's pattern of deleting controversial posts.


I foresee an increase in displays showing ads, as well as cameras with facial recognition.

The key word is "reliable". Leave that SSD in a box for 5+ years and there's a fair chance of failure / corruption when you come back to read it.

They require to get the private key? When they could ask for the cert and just cross-sign? Can't imagine any valid reason for that...

Would be nice to get a confirmation of this as it sounds wild.


Valid reason for them is they would have to spend money on supporting and maintaining cross signing. I can imagine it is much, much cheaper to just store the priv key.

So if they can get away with it they just do it, no one is there to stop them.


> Can't imagine any valid reason for that...

Depends on your paranoia level: either because of laziness or because of evil intentions...


> Depends on your paranoia level: either because of laziness or because of evil intentions...

They disposed of the "Don't be evil" promise in a very active and energetic manner, seems like we have rational grounds for deciding, without paranoia :)

